Date: Sun, 18 Aug 2002 08:31:26 -0700 (PDT) From: yonatan <yonatan@xpert.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/41763: [walkthrough] fixing security/acid port Message-ID: <200208181531.g7IFVQd7091833@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 41763 >Category: ports >Synopsis: [walkthrough] fixing security/acid port >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Aug 18 08:40:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: yonatan >Release: 4.6.2 >Organization: Xpert systems >Environment: irrelevant >Description: The current Acid port suffers four problems: 1. It's not the latest version (ports/36940). 2. It should be indifferent to the version of apache it runs on. (ports/41577). 3. There are two unlisted dependencies: phplot and adodb. 4. The build process is not complete If a long time has passed since this was submitted, please contact me about it. I might have to to supply patches. >How-To-Repeat: cd /usr/ports/security/acid && make install clean Open a browser. go to ServerName. see nothing. >Fix: The complete build process follows. # are my comments. not a part of the build. -snip- cd /usr/ports/www/apache13-modssl make build make certificate make install clean cd /usr/ports/www/mod_php4 make install clean # Now I've encountered two bugs, they are # present at the time of submitting this # PR: mod_php4 breaks when compiled WITH_APACHE2, # and when compiled with apache13-modssl, it # only loads PHP if you use SSL. # Here's how to fix: # change: <IfDefine SSL> LoadModule ssl_module libexec/apache/libssl.so LoadModule php4_module libexec/apache/libphp4.so </IfDefine> # To: <IfDefine SSL> LoadModule ssl_module libexec/apache/libssl.so </IfDefine> LoadModule php4_module libexec/apache/libphp4.so # And: <IfDefine SSL> AddModule mod_ssl.c AddModule mod_php4.c </IfDefine> # To: <IfDefine SSL> AddModule mod_ssl.c </IfDefine> AddModule mod_php4.c # Irrelevant of this bug, it's not a good idea to # send the error messages to the user, or to allow uploading files. cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini # And in the php.ini comment this line: error_reporting = E_ALL & ~E_NOTICE # and uncomment this line: ;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR # and change this line: file_uploads = On # to "Off". cd /usr/ports/security/snort make -DWITH_MYSQL install clean # The last one should install mysql323-server # 1. create user and empty database for snort. # 2. extract create_mysql from snort tarball (under contrib). # 3. mysql -u user_u_created -p password database_name <create_mysql # 4. Make sure the user can also CREATE and DELETE records from your DB: mysql mysql # in mysql: update db set Create_priv="Y", Drop_priv="Y" where User = "user_u_created" ; quit # out of mysql, to reload permission tables: mysqladmin reload # In addition, now is the time to update snort.conf # The very least changes are: var RULE_PATH /usr/local/share/snort/ # add this line: output database: log, mysql, user=user_u_created password=password dbname=database_name host=localhost cd /usr/ports/databases/adodb make install clean cd /usr/ports/graphics/phplot make install clean cd /usr/ports/security/acid make install clean mv /usr/local/www/acid /usr/local/www/data/acid # Last line is another build-bug edit /usr/local/www/acid/acid_conf.php: $DBlib_path = "/usr/local/www/data.default/php/adodb"; # data.default is probably the wrong place. # But that should be fixed in adodb. $alert_dbname = "database_name"; $alert_host = "localhost"; # The database can be on a different server. We # should consider separating the mysql database # installation. $alert_port = "3306"; # That's the default. Can be changed. $alert_user = "user_u_created"; $alert_password = "password"; # We should get values from the user for the # last two. Reuse all the parameters s/alert/archive/ . $ChartLib_path = "/usr/local/lib/php/phplot"; -snip- open browser to http://acid-host/acid/index.html click "Go To Setup Page" --> "Create Acid AG". >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208181531.g7IFVQd7091833>